Google Introduces Project Zero Research Team

Today, Google announced its new security research team, known as “Project Zero,” that will work towards discovering vulnerabilities, such as Heartbleed, across the web.

Google Researcher Chris Evans stated Project Zero aims to significantly reduce the number of people harmed by these targeted attacks.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” said Evans in a post on Google’s Online Security Blog.

The researchers will file all bugs discovered in an external database and only notify software vendors, not third parties. The Project Zero team also plans to make public the vendor’s time-to-fix performance after the vulnerability has been publicized and most often times already patched.

“We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers,” said Evans.

“We’ll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we’ll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment.”

Google is currently hiring skilled security researchers to join the team.